4 matches found
CVE-2022-24777
CVE-2022-24777 – grpc-swift denial of service: The issue affects grpc-swift servers before version 1.7.2. It results from incorrect logic when handling GOAWAY frames, allowing a low-effort attack that can crash the server and drop all in-flight connections and requests. The impact on availabilit...
CVE-2021-36153
CVE-2021-36153 affects gRPC Swift (GRPCWebToHTTP2ServerCodec.swift) in versions 1.1.0 and 1.1.1. The issue is a mismanaged state when parsing certain gRPC Web requests, which can allow remote attackers to cause a denial of service. Public sources in the connected documents confirm the a...
CVE-2021-36155
CVE-2021-36155 affects gRPC Swift up to version 1.1.0, where LengthPrefixedMessageReader can allocate buffers of unbounded size, leading to uncontrolled resource consumption and denial of service in gRPC Swift clients and servers. The issue arises from how messages are read/parsed, enabling an at...
CVE-2021-36154
CVE-2021-36154 affects gRPC Swift up to version 1.1.1, where HTTP2ToRawGRPCServerCodec can mishandle multiple small messages in a single HTTP/2 frame, causing uncontrolled recursion and denial of service. Public advisories (GHSA-4RHQ-VQ24-88GW and OSV/Red Hat entries) confirm the issue and state ...